Hi, first of all, thanks @sthen for your answer (OP has no net access atm).
We are at the point where the clients get an IP (Windows/Linux/OpenBSD) and traffic is passing through the server as expected. There is a very strange problem with the ssh service though. While internet traffic is being routed as expected, when we try to ssh, we can't connect (from OpenBSD clients) to any server.

[..snip..]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

and it just hangs there.

Test time with Windows, and with PuTTY, there is absolutely no problem. I can connect anywhere with absolutely no problem. At this point, I went with the crazy idea to try PuTTY on OpenBSD. And ssh with PuTTY works...

We can't get our heads around this problem and why this is happening.

## pf.conf @ server ##
NIC="<interface>"
set skip on {lo0}
block           # block stateless traffic
pass            # establish keep-state
block in on ! lo0 proto tcp to port 6000:6010
block in on vic0

#vpn
extip="<ip>"
pass in quick inet proto tcp from any to $NIC port {<ports>} flags S/SA keep state
pass quick proto { esp, ah } from any to any
pass in quick on egress proto udp from any to any port {500, 4500} keep state
pass quick on enc0 from any to any keep state (if-bound)
pass out quick on egress inet from 10.0.10.0/24 to any nat-to (egress:0)
pass out on vic0

Does anyone have a solution to this problem?

Thanks.

--
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?